July 2025
M T W T F S S
 123456
78910111213
14151617181920
21222324252627
28293031  

Categories

July 2025
M T W T F S S
 123456
78910111213
14151617181920
21222324252627
28293031  

Requirements for Active Directory Recycle Bin 2008

Requirements for Active Directory Recycle Bin

Requirements for Active Directory Recycle Bin

Updated: December 21, 2012

Applies To: Windows Server 2008 R2

By default, Active Directory Recycle Bin in Windows Server 2008 R2 is disabled. To enable Active Directory Recycle Bin, your environment must meet the requirements in the following sections.

Do the following before you enable Active Directory Recycle Bin in an Active Directory Domain Services (AD DS) environment:

  • Run Adprep to update your Active Directory schema with the necessary Active Directory Recycle Bin attributes. Membership in the Schema Admins group is the minimum required to complete the following Adprep tasks:
    ImportantImportant
    If you are performing a clean installation of a Windows Server 2008 R2 Active Directory forest, you do not have to run Adprep and your Active Directory schema will automatically contain all the necessary attributes for the Active Directory Recycle Bin to function properly. If, however, you are introducing a Windows Server 2008 R2 domain controller into your existing Windows Server 2003 or Windows Server 2008 forest and, subsequently, upgrading the rest of the domain controllers to Windows Server 2008 R2, you must run Adprep to update your Active Directory schema with the attributes that are necessary for Active Directory Recycle Bin to function correctly.
    • Prepare the forest by running the adprep /forestprep command on the server that holds the schema master operations master (also known as flexible single master operations or FSMO) role to update the schema.
    • Prepare the domain by running the adprep /domainprep /gpprep command on the server that holds the infrastructure operations master role.
    • If a read-only domain controller (RODC) is present in your AD DS environment, you must also run the adprep /rodcprep command.
  • Make sure that all domain controllers in your Active Directory forest are running Windows Server 2008 R2.
  • Raise the functional level of your Active Directory forest to Windows Server 2008 R2.

Do the following before you enable Active Directory Recycle Bin in an Active Directory Lightweight Directory Services (AD LDS) environment:

  • Upgrade the schema of your AD LDS configuration set with the necessary Active Directory Recycle Bin attributes by running the following command:

    Ldifde.exe –i –f MS-ADAM-Upgrade-2.ldf –s server:port –b username domain password –j . -$ adamschema.cat

    noteNote
    If you are upgrading your environment to Windows Server 2008 R2, you can upgrade the schema first and then upgrade the operating system. If you select this approach, you will have to first locate and download the necessary MS-ADAM-Upgrade-2.ldf and adamschema.cat files. Or you can do the reverse: upgrade the operating system first and then upgrade the schema. This is the recommended approach, because both MS-ADAM-Upgrade-2.ldf and adamschema.cat are available in Windows Server 2008 R2 in the C:\Windows\ADAM directory.
  • Make sure that all servers hosting the instances of your AD LDS configuration set are running Windows Server 2008 R2.
  • Raise the functional level of your AD LDS configuration set to Windows Server 2008 R2 or higher. To do this using ADSIEdit:
    1. Open ADSIEdit, click Action and click Connect to .
    2. In Connection Point , click Select a well known Naming Context: and choose Configuration and in Computer , click Select or type a domain or server: and then type Localhost:50000 or an alternative server name and port that you chose during the AD LDS installation, and then click OK .
    3. Double-click Configuration [Localhost:50000] , double-click CN=Configuration,CN={GUID} , right-click CN=Partitions , and click Properties .
    4. Select msDS-Behavior-Version and click Edit .
    5. Type a value of 4 to raise the functional level to Windows Server 2008 R2 or 5 to raise it to Windows Server 2012, and click OK twice.
September 11th, 2016 | Category: 2012 SERVER | Leave a comment

Hyper -V Fabric Monitoring

Fabric Monitoring

A close integration between System Center 2012 R2 Virtual Machine Manager and System Center 2012 R2 Operations Manager introduces System Center cloud monitoring of virtual layers for private cloud environments. To get this new functionality, use the System Center 2012 Management Pack for System Center 2012 R2 Virtual Machine Manager Dashboard, which is imported automatically when you integrate Operations Manager and Virtual Machine Manager. For information about how to integrate Operations Manager and Virtual Machine Manager, see Configuring Operations Manager Integration with VMM.

 

DPM can protect servers and workstations across domains within a forest that has a twoway trust relationship with the domain that the DPM server is located in. If there is not a two-way trust across domains, you can protect the computers using DPM’s support for computers in workgroups or untrusted domains. For more information, see Managing Protected Computers in Workgroups and Untrusted Domains.DPM supports data protection across forests as long as you establish a forest-level, two-way trust between the separate forests.

September 11th, 2016 | Category: Hyper-V | Leave a comment

How to force HTTPS behind AWS ELB

How to force HTTPS behind AWS ELB

In the most common configurations, when running your web app behind Nginx or Apache, your https:// request will get redirected to http://. Sometimes, you may want to rewrite all HTTP requests to HTTPS.

The Amazon Elastic Load Balancer (ELB) supports a HTTP header called X-FORWARDED-PROTO. All the HTTPS requests going through the ELB will have the value of X-FORWARDED-PROTO equal to “HTTPS“. For the HTTP requests, you can force HTTPS by adding a simple rewrite rule, as follows:

1. Nginx

In your nginx site config file check if the value of X_FORWARDED_PROTO is https, if not, rewrite it:

server {
  listen 80;
  ....
  location / {
    if ($http_x_forwarded_proto != 'https') {
      rewrite ^ https://$host$request_uri? permanent;
    } 
  ....
  }
}

2. Apache

Same goes for Apache, add this rewrite rule to your site’s config file:

<VirtualHost *:80>
...
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI}
...
</VirtualHost>

3. IIS (Windows)

Install IIS Url-Rewrite module, using the configuration GUI add these settings

Install IIS Url-Rewrite module, using the configuration GUI add these settings

<rewrite xdt:Transform="Insert">
<rules>
<rule name="HTTPS rewrite behind ELB rule" stopProcessing="true">
<match url="^(.*)$" ignoreCase="false" />
<conditions>
<add input="{HTTP_X_FORWARDED_PROTO}" pattern="^http$" ignoreCase="false" />
</conditions>
<action type="Redirect" redirectType="Found" url="https://{SERVER_NAME}{URL}" />
</rule>
</rules>
</rewrite>
September 10th, 2016 | Category: Amazon | Leave a comment

A fatal flaw in TCP on Linux hijacks HTTPS connections. Here is the fix

A fatal flaw in TCP on Linux hijacks HTTPS connections. Here is the fix

If you are running Linux kernel 3.6 or newer, anyone in the world on a network that allows IP spoofing can hijack your encrypted communications in less than a minute, with a success rate of 90%.

Here is how to fix it.

Step 1. Open /etc/sysctl.conf in an editor.

Step 2. Add the line:

net.ipv4.tcp_challenge_ack_limit = 999999999

and save the file.

Step 3. At the prompt, use the shell command:

sysctl -p

This will update your configuration.

 

TCP_flaw-760x360

September 8th, 2016 | Category: Centos RHEL 7 | Leave a comment

update your Linux kernel from 3.1 to 4.7.2-1

Update Your Linux Kernel in Place (Running CentOS 7 or Above)

If you started an instance from the official CentOS AMI on AWS, you are running kernel 3.1 as of this writing, while you could easily take advantage of improved security features of newer kernels that are already available in a stable release. Here is how to update your Linux kernel from 3.1 to 4.7.2-1 in place.

Step 1. Import the repo key

Import the GPG key for the repository:

rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org

Step 2. Install the repository

Install the repository that holds your new kernel:

yum install http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm

You can peek inside the configuration file for the repository to see what it will be doing:

nano /etc/yum.repos.d/elrepo.repo

Step 3. Enable the repository

Enable the repository with this command:

yum --enablerepo=elrepo-kernel install kernel-ml

Step 4. Install the RPM

Install your new kernel for CentOS/RHEL 7.02:

yum install http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm

Step 5. List all available kernels

List all kernels that are available to the grub bootloader on your system:

awk -F\' '$1=="menuentry " {print $2}' /etc/grub2.cfg

Step 6. Select the new kernel

From the list of available kernels, select the new kernel:

grub2-set-default 0

The number 0 denotes the first kernel in the list.

Step 7. Save the new configuration and reboot

Save your new configuration:

grub2-mkconfig -o /boot/grub2/grub.cfg
September 8th, 2016 | Category: Centos RHEL 7 | Leave a comment

Postfix With smtpd Access Restrictions

Anti-Spam Defense: Using Postfix With smtpd Access Restrictions

Fighting spam, aren’t we all… To stem the tide of unwanted junk mail look no further than the built-in access restrictions in Postfix.

If you find yourself the postmaster-in-chief, the last think you want is having to rely on your users to weed through spam and navigate around phishing mails without fail. In fact, spam is a major source of security breaches that involve using social engineering to allow hackers to get a foot in the door.

Why mail services fail at filtering spam (some even fail miserably)

Unsolicited mail is a problem that every organization must fix for itself, one way or the other. Even those of us who are paying for an enterprise-class spam detection service aren’t always happy with the results. The same goes for anti-spam services that set honeybee traps all over the Internet to collect junk trying to come up with effective filters. Your mileage will vary in either case. Are their traps attracting the same spammers that are flooding your users’ inboxes? Judging upon the efficiency of software tools and anti-spam services in real-world scenarios, the answer is: not so much. On top of it, mail services such as Gmail for Business or AWS Workmail have to tailor their services to all of their customers’ industries, including such spam hotspots as car insurance, home improvement, and health care. Good luck with that.

So how do you go about fixing the problem in your organization when you find yourself in charge of it? You could set up spam filtering software that uses heuristics such as Apache Spam Assassin, but it will come at the cost of a performance penalty and with somewhat questionable benefits of ongoing maintenance.

Postfix supports Sendmail version 8 Milter protocol and thus Sendmail milters (mail filters). Milter.org, once the world’s most comprehensive catalog of Milters, has been shut down some time ago, and Sendmail, Inc. is now Proofpoint, Inc, following an acquisition.  Proofpoint Inc. continues to provide milters in its standard open source distribution of Sendmail. Milters can be used to fight spam, scan attachments for viruses, and sign messages. Even so, the future of milters is anything but clear. Unless you wanted to implement Sendmail milters in Postfix, your best bet when trying to stem the flood of spam is using Postfix’ built-in functionality: smtpd restrictions, header and body checks, and external rbl/rhsbl databases. These tools are more than adequate for most use case scenarios. Your other option is using the likes of Spam Assassin.

To a degree, you could also rely on the built-in access restrictions in the mail client of your users’ choice. To that end, you can extract email addresses of known spammers from your mail clients’ log files or from discarded junk mail, then use them to build rules for handling incoming messages.

Here is how to do it in Postfix.

A multi-step approach to spam filtering

Postfix allows you to implement multi-layered spam filtering: during the connection negotiation with SMTP clients using smtpd restrictions, then when accepting incoming mail by scanning the headers and the body of each message for clues. Postfix provides the following functionlity right off the bat:

  • smtpd access restrictions are defined using Postfix access maps; they come into play during the exchange between the SMTP server (your host) and the SMTP client that’s sending an incoming message to it:
  • external spam-fighting services:
    • RBL lists (MAIL FROM)
    • RHSBL lists (RCPT TO)
  • content versification of incoming messages (which passed smtpd access restrictions checks):
    • header checks
    • body checks

Tip: Quickly look up Postfix configuration parameters

In order to quickly read out your current configuration, use the Postfix configuration utility at the command prompt:

postconf

if possible, with the parameter you want to read out the value of, for example:

postconf smtpd_recipient_restrictions

In order to look up the defaults, add the -d flag.

The basics of smtpd access restrictions in Postfix

Postfix can enforce several types of smtpd access restrictions (set in main.cf), most notably:

smtpd_client_restrictions =
smtpd_helo_restrictions =
smtpd_sender_restrictions =
smtpd_recipient_restrictions =

Wrapping all restrictions inside the smtpd_recipient_restrictions directive gives you one meaningful advantage: the ability to log all relevant information about each incoming connection that may help you to spot bugs in your configuration and/or further refine your setup.

In order to set helo restrictions, it is advisable to enforce that a helo be sent for each message (in main.cf):

smtpd_helo_required = yes

You can specify optional smtpd_restriction_classes for groups of access restrictions.

Once you know how it works, configuring spam defenses and setting your access restrictions in Postfix is rather easy.

Setting smtpd access restrictions in Postfix

Postfix applies restrictions in the order they are specified; the first restriction that matches “wins”.

Step 1. Set smtpd_recipient_restrictions

In main.cf, set smtpd_recipient_restrictions as follows (continue long lines by starting the next line with a whitespace character):

smtpd_recipient_restrictions = 
      permit_mynetworks,
      permit_sasl_authenticated,
      reject_unauth_destination,
      reject_invalid_hostname,
      reject_unauth_pipelining,
      reject_non_fqdn_sender,
      reject_unknown_sender_domain,
      reject_non_fqdn_recipient,
      reject_unknown_recipient_domain,
### make sure the files referenced on the following four lines exist
      check_client_access hash:/etc/postfix/access_maps/access_client,
      check_helo_access hash:/etc/postfix/access_maps/access_helo,
      check_sender_access regexp:/etc/postfix/access_maps/regex_access_sender, 
      check_recipient_access hash:/etc/postfix/access_maps/access_recipient,
### from time to time, anti-spam services may stop working; check the logs regularly to stay on top of things! 
      reject_rhsbl_client blackhole.securitysage.com,
      reject_rhsbl_sender blackhole.securitysage.com,
      reject_rbl_client relays.ordb.org,
      reject_rbl_client zen.spamhaus.org,
      reject_rbl_client b.bararacudacentral.org,
      reject_rbl_client blackholes.easynet.nl,
      reject_rbl_client cbl.abuseat.org,
      reject_rbl_client proxies.blackholes.wirehub.net,
      reject_rbl_client bl.spamcop.net,
      reject_rbl_client sbl.spamhaus.org,
      reject_rbl_client ubl.unsubscore.com,
      permit

By placing the RBL (Real-time, IP Based Blacklist) and RHSBL (Real-time, Domain Based Blacklist) checks at the end of the list of restrictions you minimize costly external DNS checks to those instances of mail that managed to pass all the other spam checks.

Postfix allows you to define your own access restrictions in a number of ways, including using regular expressions. In order to confirm which methods are supported by your version, you can inquire at the prompt using:

postconf -m

Step 2. Create access restrictions files that you referenced in main.cf

Create your access restrictions files as referenced in main.cf:

/etc/postfix/access_maps/access_client
/etc/postfix/access_maps/access_helo
/etc/postfix/access_maps/regex_access_sender
/etc/postfix/access_maps/access_recipient

Step 3. Edit your access restrictions files

Edit your access restrictions files in a text editor and populate them with rules. Follow the directions set in the /etc/postfix/access file.

Be vigilant of the type of restriction you are applying in each case. For example, to block a domain (domainname.tld) with its subdomains (anything.domainname.tld) in the check_client_access table, enter this in your /etc/postfix/access_maps/access_client file:

.spammingdomain.tld REJECT Get lost.

In this case, REJECT is the directive, “Get lost.” is an optional message (could be a numerical error code as well). Instead of REJECT, here are some alternatives:

  • you could DISCARD the message to avoid responding to it (which ties up resources and may turn you into a spammer yourself if your bounces hit an innocent victim),
  • hold the message in the queue for the lifetime of the queue (HOLD optional comment),
  • add a header (PREPEND headername: headervalue on a separate line preceding the header which triggered the event) or
  • redirect spam to one and only one recipient REDIRECT user@domain.tld).

For how these and other directives work, refer to the manual page for access:

man access

A legitimate email addresses rarely includes a hostname, but the exact opposite is usually true for spam. When you block a hostname in your access restrictions, the spammers can still get to you at virtually no expense by modifying the hostname. To turn the tables and make spamming of your systems uneconomical, you need to make their domains obsolete (so they can’t spam you without getting into expenses). Arguably the most efficient, sure-fire way of doing this involves regular expressions.

For some types of restrictions, you may want to use regex-based evaluation to account for variations in user names, subject lines, and the like. For example, you could block the most frequently abused top lever domains by using these directives:

/\.xyz$/ REJECT
/\.top$/ REJECT
/\.date$/ REJECT
/\.science$/ REJECT
/\.faith$/ REJECT

in your check_client_access and check_sender_access parameters.

Other prime candidates for this type of a block are the top level domains .pro, webcam, .work, and .download. This is not a solution for prime top-level domains such as .com, however. That’s where your past logs come in handy (read about how to extract spammers’ identifying information from logs and junk messages). For more detail on how to set up anti-spam filters using regular expressions, read this post (includes ready-to-use RegEx expressions).

Step 4. Run postmap on your access restrictions files (if they are being referenced via hash)

When you are done setting up the restrictions, run postmap on the files that are referenced with the parameterscheck_client_access, check_helo_access, check_sender_access, check_recipient_access using hash:

postmap access_*

This is not necessary for files referenced via regexp: (a reload will suffice) and won’t help with pcre: (in this case, it is advisable to restart postfix).

Step 5. Restart Postfix

Restart Postfix:

service postfix restart

to apply changes to its main configuration file. When you change only files referenced via regexp:, all you need to do is reload Postfix:

service postfix reload

Step 6. Test your filter pattern matching

As always, test your configuration to ensure that it works the way you intended. For files using regular expressions and referenced via regexp:

postmap -q 'teststring' regexp:/etc/postfix/access_maps/regex_access_sender

Step 7. Correct and update

Whenever you update access restriction files referenced via hash, run postmap on them. For files referenced via regexp:, simply reload postfix and you should be good to go.

Watch your back (keep an eye on the logs!)

You can view what’s going on in the main log file by using the command:

tail -f /var/log/maillog

Also, keep an eye on the mail in the system’s postmaster account (it may be routed to root’s mail directory, so check there too).

Tip: One way to get acquainted with various anti-spam services is MxToolbox, a testing suite which sports quite an impressive array of useful diagnostics tricks up its sleeve. Run a blacklist check on a domain and see what happens.

September 8th, 2016 | Category: Postfix | Leave a comment

Hyper-V Replica in Windows Server 2012 R2

the top 8 improvements done to Hyper-V Replica in Windows Server 2012 R2. We will be diving deep into each of these features in the coming weeks through blog posts and TechNet articles.

Seamless Upgrade

You can upgrade from Windows Server 2012 to Windows Server 2012 R2 without having to re-IR your protected VMs. With new features such as cross-version live migration, it is easy to maintain your DR story across OS upgrades. You can also choose to upgrade your primary site and replica site at different times as Hyper-V Replica will replicate your virtual machines from a Windows Server 2012 environment to a Windows Server 2012 R2 environment.

HYPER2

30 second replication frequency

Windows Server 2012 allowed customers to replicate their virtual machines at a preset 5minute replication frequency. Our aspirations to bring down this replication frequency was backed by customer’s asks on providing the flexibility to set different replication frequencies to diffeHYPER1rent virtual machines. With Windows Server 2012 R2, you can now asynchronously replicate your virtual machines at either 30second, 5mins or 15mins frequency.

30sec

Additional Recovery Points

Customers can now have a longer retention with 24 recovery points. These 24 (up from 16 in Windows Server 2012) recovery points are spaced at an hour’s interval.

image

Linux guest OS supportHYPER3

Hyper-V Replica, since it’s first release has been agnostic to the application and guest OS. However certain capabilities were unavailable on non-Windows guest OS in it’s initial avatar. With Windows Server 2012 R2, we are tightly integrated with non-Windows OS to provide file-system consistent snapshots and inject IP addresses as part of the failover workflow.

Extended Replication

You can now ‘extend’ your replica copy to a third site using the ‘Extended replication’ feature. The functionality provides an added layer of protection to recover from your disaster. You can now have a replica copy within your site (eg: ClusterA->ClusterB in your primary datacenter) and extend the replication for the protected VMs from ClusterB->ClusterC (in your secondary data center).

image

To recover from a disaster in ClusterA, you can now quickly failover to the VMs in ClusterB and continue to protect them to ClusterC. More on extended replication capabilities in the coming weeks.

Performance Improvements

Significant architectural investments were made to lower the IOPS and storage resources required on the Replica server. The most important of these was to move away from snapshot-based recovery points to “undo logs” based recovery points. These changes have a profound impact on the way the system scales up and consumes resources, and will be covered in greater detail in the coming weeks.

Online Resize

In Windows Server 2012 Hyper-V Replica was closely integrated with the various Hyper-V features such as VM migration, storage migration etc. Windows Server 2012 R2 allows you to resize a running VM and if your VM is protected – you can continue to replicate the virtual machine without having to re-IR the VM.

September 6th, 2016 | Category: Hyper-V | Leave a comment

Requirements for Active Directory Recycle Bin

Requirements for Active Directory Recycle Bin

Active Directory Domain Services environment

Do the following before you enable Active Directory Recycle Bin in an Active Directory Domain Services (AD DS) environment:
• Run Adprep to update your Active Directory schema with the necessary Active Directory Recycle Bin attributes. Membership in the Schema Admins group is the minimum required to complete the following Adprep tasks:

ImportantImportant

If you are performing a clean installation of a Windows Server 2008 R2 Active Directory forest, you do not have to run Adprep and your Active Directory schema will automatically contain all the necessary attributes for the Active Directory Recycle Bin to function properly. If, however, you are introducing a Windows Server 2008 R2 domain controller into your existing Windows Server 2003 or Windows Server 2008 forest and, subsequently, upgrading the rest of the domain controllers to Windows Server 2008 R2, you must run Adprep to update your Active Directory schema with the attributes that are necessary for Active Directory Recycle Bin to function correctly.

? Prepare the forest by running the adprep /forestprep command on the server that holds the schema master operations master (also known as flexible single master operations or FSMO) role to update the schema.

? Prepare the domain by running the adprep /domainprep /gpprep command on the server that holds the infrastructure operations master role.

? If a read-only domain controller (RODC) is present in your AD DS environment, you must also run the adprep /rodcprep command.

• Make sure that all domain controllers in your Active Directory forest are running Windows Server 2008 R2.

• Raise the functional level of your Active Directory forest to Windows Server 2008 R2.

Active Directory Lightweight Directory Services environment

Do the following before you enable Active Directory Recycle Bin in an Active Directory Lightweight Directory Services (AD LDS) environment:
• Upgrade the schema of your AD LDS configuration set with the necessary Active Directory Recycle Bin attributes by running the following command:

Ldifde.exe –i –f MS-ADAM-Upgrade-2.ldf –s server:port –b username domain password –j . -$ adamschema.cat

noteNote

If you are upgrading your environment to Windows Server 2008 R2, you can upgrade the schema first and then upgrade the operating system. If you select this approach, you will have to first locate and download the necessary MS-ADAM-Upgrade-2.ldf and adamschema.cat files. Or you can do the reverse: upgrade the operating system first and then upgrade the schema. This is the recommended approach, because both MS-ADAM-Upgrade-2.ldf and adamschema.cat are available in Windows Server 2008 R2 in the C:\Windows\ADAM directory.

• Make sure that all servers hosting the instances of your AD LDS configuration set are running Windows Server 2008 R2.

• Raise the functional level of your AD LDS configuration set to Windows Server 2008 R2 or higher. To do this using ADSIEdit:

1. Open ADSIEdit, click Action and click Connect to .

2. In Connection Point , click Select a well known Naming Context: and choose Configuration and in Computer , click Select or type a domain or server: and then type Localhost:50000 or an alternative server name and port that you chose during the AD LDS installation, and then click OK .

3. Double-click Configuration [Localhost:50000] , double-click CN=Configuration,CN={GUID} , right-click CN=Partitions , and click Properties .

4. Select msDS-Behavior-Version and click Edit .

5. Type a value of 4 to raise the functional level to Windows Server 2008 R2 or 5 to raise it to Windows Server 2012, and click OK twice.

September 6th, 2016 | Category: 2012 SERVER | Leave a comment

System Center 2012 R2

System Center 2012 R2 adds some new capabilities and changes to Operations Manager. These include:
•Fabric Monitoring: Closer integration with Virtual Machine Manager. The Virtual Machine Manager R2 management pack introduces cloud monitoring of virtual layers for private cloud environments. The Fabric Health Dashboard provides a detailed overview of the health of your private clouds and the fabric servicing those clouds.
•Microsoft Monitoring Agent: The Operations Manager Agent is replaced with a new agent that adds APM monitoring including the functionality of Visual Studio IntelliTrace Collector
•Integration with DevOps: APM, incorporated into Operations Manager with the first System Center 2012 release, added DevOps into System Center. R2 adds new alert fields of the TFS Work Item ID and TFS Work Item Owner. APM performance events are converted to IntelliTrace format.
•IPv6 Support: IPv6 addresses can now be used as input for Network discovery and be displayed in the network-related views.
•Java Application Performance Monitoring: The Java Application Performance Monitoring management pack lets you monitor Java application performance and exception events using the Operations Manager Application Advisor, part of the APM feature. You can also get Operations Manager alerting on Java application server counters.
•System Center Advisor: You can now view Advisor alerts on the Operations Manager Operations console.
•UNIX and Linux Monitoring: *NIX agents are now based on the Open Management Infrastructure (OMI) open-source CIM Object Manager.
•Management Pack Updates: These 31 management packs are being re-released with R2

wrestler windows 10 luchador
9 ways to bend Windows 10 to your will

Customize Windows 10 to your liking, not theirs.

Read Now

•Windows Server Operating System
•Azure
•Visual Studio Authoring Extensions for VS2012 and VS2013
•Service Management Automation
•Service Reporting
•Service Manager
•Service Provider Foundation
•Windows Azure Pack
•Windows Azure Pack – Websites
•DHCP
•ADRMS
•DNS
•File and iSCSI Services
•Cluster
•Print
•RDS
•ADDS
•ADLDS
•ADCS
•ADFS
•Hyper-V
•Remote Access
•Windows Server Essentials
•Multi-Tenant Remote Access
•BranchCache
•MSMQ
•NLB
•Web Application Proxy
•WSUS
•IIS
•WDS

September 6th, 2016 | Category: 2012 SERVER | Leave a comment

wbadmin , ntdsutil

wbadmin: Enables you to back up and restore your operating system, volumes, files, folders, and applications from a command prompt.

ntdsutil: Ntdsutil.exe is a command-line tool that provides management facilities for Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS). You can use the ntdsutil commands to perform database maintenance of AD DS, manage and control single master operations, and remove metadata left behind by domain controllers that were removed from the network without being properly uninstalled. This tool is intended for use by experienced administrators. http://technet.microsoft.com/en-us/library/cc753343.aspx Active Directory Recycle Bin: Active Directory Recycle Bin helps minimize directory service downtime by enhancing your ability to preserve and restore accidentally deleted Active Directory objects without restoring Active Directory data from backups, restarting Active Directory Domain Services (AD DS), or rebooting domain controllers. http://technet.microsoft.com/en-us/library/dd392261%28v=ws.10%29.aspx ldp: This GUI tool is a Lightweight Directory Access Protocol (LDAP) client that allows users to perform operations (such as connect, bind, search, modify, add, delete) against any LDAP-compatible directory, such as Active Directory. LDP is used to view objects stored in Active Directory along with their metadata, such as security descriptors and replication metadata.

Wbadmin is the command-line counterpart to Windows Server Backup. You use Wbadmin to manage all aspects of backup configuration that you would otherwise manage in Windows Server Backup. This means that you can typically use either tool to manage backup and recovery.

After you’ve installed the Backup Command-Line Tools feature, you can use Wbadmin to manage backup and recovery. Wbadmin is located in the %SystemRoot%\System32\ directory. As this directory is in your command path by default, you do not need to add this directory to your command path.

Tips RSS Feed

Subscribe to the TechNet Magazine Tips RSS feed.
You can run Wbadmin by following these steps:
1. Click Start, click All Programs, and then click Accessories to open the Accessories menu.
2. Start an elevated command prompt by right-clicking Command Prompt and then selecting Run As Administrator.
3. In the Command Prompt window, enter the necessary command text or run a script that invokes Wbadmin.

Wbadmin has a number of associated commands:
DELETE SYSTEMSTATEBACKUP Deletes the system state backup or backups from a specified location.
DISABLE BACKUP Disables scheduled daily backups so that they no longer run.
ENABLE BACKUP Enables or modifies a scheduled daily backup.
GET DISKS Lists the disks that are currently online for the local computer. Disks are listed by manufacturer name, type, disk number, GUID, total space, used space, and associated volumes. GET ITEMS Lists items contained in a specified backup.
GET STATUS Reports the status of the currently running backup or recovery job.
GET VERSIONS List details about the available backups stored in a specific location, including the backup time and backup destination.
START BACKUP Starts a one-time backup using the specified parameters. If no parameters are passed and scheduled backups are enabled, the backup uses the settings for scheduled backups.
START RECOVERY Initiates a recovery of volumes, applications, or files using the specified parameters.
START SYSTEMSTATEBACKUP Starts a system state backup using the options specified.
START SYSTEMSTATERECOVERY Starts a system state recovery using the specified parameters.
STOP JOB Stops the currently running backup or recovery job. Stopped jobs cannot be restarted from where they were stopped.

When you are working with Wbadmin, you can get help on available commands:
1.To view a list of management commands, type wbadmin /? at the command prompt.
2.To view the syntax for a specific management command, type wbadmin Command /?, where Command is the name of the management command you want to examine, such as wbadmin stop job /?.

When you work with Wbadmin, you’ll find that just about every command accepts parameters and specific parameter values that qualify what you want to work with. To see more clearly how this works, consider the following syntax example:

wbadmin get versions [-backupTarget:{VolumeName | NetworkSharePath}]
[-machine:BackupMachineName]

The brackets tell you that –backupTarget and –machine are optional. Thus, you could type the following to get information on recoverable backups on the local computer:

wbadmin get versions

You could type the following to get information on recoverable backups for C:

wbadmin get versions -backuptarget:f:

Or you could type the following to get information on recoverable backups for C on Server96:

wbadmin get versions -backuptarget:f: -machine:server96

Many Wbadmin commands use the –backupTarget and –machine parameters. The backup target is the storage location you want to work with, and can be expressed as a local volume name (such as F:) or as a network share path, such as \\FileServer32\backups\Server85. The –machine parameter identifies the computer you want to work with for backup or recovery operations.

September 5th, 2016 | Category: 2012 SERVER | Leave a comment
« Newer Entries  
  Older Entries »